General

  • Target

    cbf215932c3d338aa62d3dfd3203a2b7fcb865301a556b80211a65144eaebc6dN

  • Size

    576KB

  • Sample

    241113-ynyf2aybrg

  • MD5

    e6c62da4ac4cb654154b53839fdf3e40

  • SHA1

    46883958c07c51a5f651eca373f6611c07f7a8ef

  • SHA256

    cbf215932c3d338aa62d3dfd3203a2b7fcb865301a556b80211a65144eaebc6d

  • SHA512

    20156bb46f0a55682fd26424c6f45b2d5fb4eca28d00cb166dcb2987dec61c75a1a5a9095f62b3f00b6d8f34f8424fc49e9f5cb491ea6d1a9df7d3fb10c1c645

  • SSDEEP

    12288:u8Lx8V4JrnK6sNHpH8qaVjIRhNQLkMIFyvvp:uWx5re8pjIJWdIFix

Malware Config

Extracted

Family

redline

Botnet

gena

C2

185.161.248.73:4164

Attributes

  • auth_value

    d05bf43eef533e262271449829751d07

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks